‘Baidu’ Folder Backdoor in Sony’s Xperia smartphone and tablets

This folder is apparently created automatically and without the owner’s permission. Once the Baidu folder is created, it can relay the entire content as well as your communications, chats, video chats etc. to somebody in China. Elbird says that, through the Baidu folder, the Chinese Government can:

- Read status and identity of your device
- Make pictures and videos without your knowledge
- Get your exact location
- Read the contents of your USB memory
- Read or edit accounts
- Change security settings
- Completely manage your network access
- Couple with bluetooth devices
- Know what apps you are using
- Prevent your device from entering sleep mode
- Change audio settings
- Change system settings

In short, everything you do on your Sony Xperia device is being, or can be, reported to some third party.

MyXperia auto connects to China and the user cannot stop it

Another user, meanwhile, posted that the MyXperia feature in the Sony Xperia series of smartphones and tablets is activated automatically and then connects to some Chinese site without his permission. To demonstrate this, the poster, CodeMan, put two images on the board. The images are given below:

Sony’s Response

Sony has not officially responded to this ‘baidu’ folder issue or as to why MyXperia was automatically activating itself without user permission and connecting to some Chinese IP. A poster on the thread, Rajanv, who was trying to reduce the users’ fears of their smartphones being used to track them and their communications by some Chinese entity, put this reply:

"And thank you @CodeMan for letting us know you used the OS Monitor app to get that great detail of information. I used the terminal emulator by ackpal available on google playstore to find out the network connections at any given time on the phone. Had to type commands like netstat manually and then look up the IP addresses on a PC. OS Monitor should save me a ton of work."

Though Sony’s response is still being awaited, the matter has escalated, with users using both Reddit and Hacker News to vent their fury as well as convey their fears about being spied upon.

After the recent revelation by F-Secure that Xiaomi smartphones were sending user data back to servers based in China, Sony will have to come out with some plausible explanation for both:

- Why is the ‘Baidu’ folder created on Sony Xperia smartphones and tablets?
- Why is the MyXperia feature auto-starting without user permission, and why is it auto-connecting to servers based in China?

Workaround

However, until such answers are received from Sony, users may do well to root their smartphones and tablets and delete the unneeded folders. For users who don’t know how to root their Android devices, here is a workaround which might work.

1. Back up important data on the phone and do a factory reset.
2. Start up the phone, go to Settings -> Apps -> Running and force stop the myXperia apps running (there are 2).
3. Remove the baidu folder using File Kommander.
4. Next, enable developer mode: Settings -> About Phone -> click 7 times on the Build Number.
5. Download the Android SDK and install it.
6. Connect the phone to the computer with a USB cable.
7. Next, run the adb tool in the Android SDK’s platform tools folder as follows (to be done in a command line window):

       adb shell

8. In adb shell, type the following commands:

       pm block com.sonymobile.mx.android
       exit
       adb reboot

Doing this will ensure that the secretive ‘baidu’ folder is not created thereafter. However, there is no guarantee that the /system/libbdpush_V2_0.so library will not run after this workaround. You can visit the Sony Forum for further details on this problematic issue.
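Since the workaround does not guarantee that the library stops running, the netstat-style check mentioned in the thread can be repeated afterwards and decoded on a PC. The following is an added example, not code from the original article or from Sony: it parses the kernel's TCP table in the format of `/proc/net/tcp` (assumed here to have been saved from the device, for instance via `adb shell cat /proc/net/tcp`) and groups remote endpoints by owning UID. The sample table, addresses and UIDs are constructed.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp format (not captured from a real device).
# Remote addresses use RFC 5737 documentation ranges; UIDs are made up.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0A00A8C0:A1B2 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 5678 1 0000000000000000 20 4 30 10 -1
   2: 0A00A8C0:A1B3 076433C6:0050 01 00000000:00000000 00:00000000 00000000 10087        0 5679 1 0000000000000000 20 4 30 10 -1
   3: 0A00A8C0:C001 2A7100CB:01BB 06 00000000:00000000 00:00000000 00000000 10112        0 0 3 0000000000000000
"""

def decode(endpoint):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The kernel prints the IPv4 address as a host-order 32-bit value, so on a
    little-endian phone (ARM/x86) the bytes appear reversed: 0100007F is 127.0.0.1.
    """
    ip_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def remote_peers_by_uid(proc_net_tcp, state="01"):
    """Map UID -> sorted remote (ip, port) pairs for sockets in `state`.

    State 01 is ESTABLISHED, 0A is LISTEN, 06 is TIME_WAIT. Android normally
    gives each installed app its own UID (10000 and up), so the UID points at
    the app that owns the connection.
    """
    peers = defaultdict(set)
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != state:
            continue
        ip, port = decode(fields[2])                # fields[2] is rem_address
        if ip.startswith("127."):                   # ignore loopback traffic
            continue
        peers[int(fields[7])].add((ip, port))       # fields[7] is the uid
    return {uid: sorted(p) for uid, p in peers.items()}

if __name__ == "__main__":
    for uid, endpoints in remote_peers_by_uid(SAMPLE).items():
        for ip, port in endpoints:
            print(f"uid {uid} -> {ip}:{port}")
```

The decoded addresses can then be looked up on a PC, as the poster describes doing by hand, and compared before and after the workaround.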